Thesis Topics
Automated Security Rule Change Maintenance
Can we automatically detect changes to security rules and support security practitioners in maintaining their implementation?
Objectives
- Create a security rule change taxonomy
- Implement an LLM-based approach towards rule change classification
- Design a semi-automatic adaptation of security rule implementations
- Evaluate the correctness and usefulness of the proposed approaches
Requirements
- Basic understanding of security rules
- Basic understanding of technical security implementations
- Strong understanding of NLP and LLMs
Expected Duration: 6 months
On the Feasibility of Automated Relation Analysis of Regulatory Security-Relevant Requirements
To what extent can we analyze the relations between requirements originating from different regulations or even internal policies to understand overlaps and contradictions?
Objectives
- Build a corpus of relations between different requirements from regulatory documents, based on published resources
- Prototype different NLP approaches for the analysis of the relation between those requirements
- Evaluate the effectiveness of the approaches and outline limitations
Requirements
- Strong understanding of NLP techniques
Expected Duration: 6 months - Start: November 2025
Reference Claim Verification in Scientific Writing
How well can we automatically verify or reject references as proof for claims in scientific manuscripts?
Objectives
- Consolidate a gold standard of claims and references in scientific manuscripts
- Prototype an agentic approach for the detection, extraction, and verification of claims
- Assess the potential, limitations, and usefulness of the proposed approach
Requirements
- Strong understanding of agentic frameworks
Expected Duration: 6 months
GenAI to Detect and Extract Requirements from Security Standards: A Feasibility Study
How well can GenAI detect, extract and formulate actionable software requirements from security standards?
Objectives
- Analyze the potential and limitations of AI to detect requirements
- Analyze the performance of AI in extracting requirements information
- Evaluate the usefulness of different software requirement formulations
Requirements
- Strong understanding of NLP, LLMs, and prompt engineering
- Strong security and security compliance knowledge
Expected Duration: 6 months
Industrial Product Backlog Exploration: Potential and Limitations of NLP-based Analyses for Security Purposes
How reliably can NLP techniques support engineers by providing security advice for backlog items that are relevant for the security of our product?
Objectives
- Employ NLP techniques to detect backlog items relevant for product security
- Map relevant security advice/rules to backlog items
- Evaluate the effectiveness and reliability of the approach
Requirements
- Basic understanding of NLP techniques
- Basic understanding of security & security compliance
Expected Duration: 4 months
Artefact-based Evaluation of Software Engineering Research Reproducibility
To what extent can we automatically evaluate the level of reproducibility of software engineering research artefacts, e.g., to support authors in improving their research artefacts?
Objectives
- Build a corpus of relevant characteristics to evaluate research artefacts against
- Prototype an agentic approach for the evaluation along those characteristics
- Assess the potential, limitations, and usefulness of the proposed approach
Requirements
- Basic understanding of the relevance of reproducibility in science
- Strong understanding of agentic frameworks
Expected Duration: 6 months